31.172.80.104 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 31.172.80.104. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with the enrichment of security events and their context. All information is gathered passively, through aggregation of public sources or through activity observed on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which the address resides.

Likely Malicious Host 🟠 57/100

Host and Network Information

  • Mitre ATT&CK IDs: T1001 - Data Obfuscation, T1027 - Obfuscated Files or Information, T1035 - Service Execution, T1055 - Process Injection, T1068 - Exploitation for Privilege Escalation, T1110 - Brute Force, T1112 - Modify Registry, T1192 - Spearphishing Link, T1203 - Exploitation for Client Execution, T1563.002 - RDP Hijacking

  • Tags: AppleSeed, brute-force, bruteforce, cyber security, ioc, Kimsuky, malicious, Meterpreter, Mimikatz, Nextray, phishing, RDP, spearphishing, ssh, SSH, tcp, VNC

  • View other sources: Spamhaus, VirusTotal

  • Contained within other IP sets: haley_ssh

  • Country: Germany
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Korea Republic of, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 2

  • d6d6589f54f39e4ac15bbf1059e0937791dc4175ca3b7d66881b535ee5054ad1
  • 812570151a97eee8ab33e6f5c97276321266dea04d0c096af61e7f1f96593e12

Links to attack logs

bruteforce-ip-list-2021-12-16